BitTorrent Forum Hack Exposed User Passwords, Email and IP Addresses

BitTorrent, the popular torrent site, has been hacked, exposing private information of tens of thousands of user accounts on its community forums.

Hackers stole personal data of BitTorrent forum users

Hackers have managed to steal user information from a large number of BitTorrent forum accounts. The data dump contains over 34,000 usernames, email addresses, IP addresses, and hashed passwords. Troy Hunt, who has been uploading the breached datasets of LinkedIn, Tumblr and other hacked sites, has now also uploaded the stolen BitTorrent forum data to his Have I Been Pwned site.

BitTorrent, the most visited torrent client in the world with over 150 million monthly active users, has also announced that its community forums have been hacked. The site has a dedicated community forum with hundreds of thousands of registered members. Acknowledging that private information of its users was exposed, the site said that the vulnerability originated at one of its vendors, who alerted BitTorrent about the issue earlier this week. Hackers exploited this vulnerability to compromise the forum database and steal a large number of user passwords.

On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums.
The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts.

As a result, attackers were able to download a list of our forum users. We are investigating further to learn if any other information was accessed. Our vendor has made backend changes so that the hashes in the file do not appear to be a usable attack vector. – BitTorrent

BitTorrent is also advising its users to change their passwords, specifically those who have used the same password on other sites. “As a precaution, we are advising our users to change their passwords. While the passwords may not be used as a vector on the forums, those hashed passwords should be considered compromised.” While it’s not clear, it seems likely that the site has changed its password hashing algorithm since the attack, making the stolen hashes invalid for its own forums but still useful against other sites where a user has reused the same password.

If you are a user of BitTorrent’s community forums, consider changing your passwords. With hackers having access to large troves of stolen passwords, it has become even more important to use different and totally unrelated passwords for important online accounts.